A critical vulnerability was patched by Polygon, a scaling framework for Ethereum, apparently in secret. The vulnerability put $24 billion in user funds in danger of being stolen. Although the team was able to fix the issue, it was not before one of the hackers involved made off with $1.8 million in Polygon’s MATIC tokens.
White hat hackers reported the exploit through the bug bounty platform Immunefi on December 3. Within 48 hours of their report, an upgrade was initiated, after which the Polygon team wrote a blog post stating that they had decided not to reveal what happened until after they had patched it.
They wrote, “Considering the nature of this upgrade, it had to be executed without attracting too much attention.”
Left unaddressed, the smart contract vulnerability would have enabled hackers to mint more than 9.2 billion MATIC tokens from the genesis contract. Polygon’s prompt upgrade prevented users from losing their funds, and the upgrade was completed without any issues.
Although the disaster was by all accounts averted, the quick fix did not arrive soon enough to prevent the theft of $1.8 million in MATIC tokens.
One of the attackers was able to make off with a total of 800,000 MATIC just before the patch took effect. Polygon said it would cover this loss itself.
Jaynti Kanani, the co-founder of the project, said that a situation of this nature was only a matter of time and would occur “sooner or later,” but that the end result was a testament to the network’s resilience.
“Considering how much was at stake, I believe our team has made the best decisions possible given the circumstances,” he remarked. The market appears to agree, with MATIC trading at $2.56, up 41% over the past month.